[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Mixing and Matching DHCP and static IPs



Le 27/12/2017 à 16:07, Mark Fletcher a écrit :

my Stretch desktop inside the AirStation LAN showed that can also now
ping to the PI. This represents major progress.

However, I still cannot ssh from the Stretch desktop to the PI (although
I still CAN ssh from the firewall to the PI, and I can still ssh from
the Stretch desktop to the firewall).

My network had an otherwise quiet moment a few minutes ago, and I was
able to try the ping test and note that, when pinging 192.168.1.1 the
light on the ethernet port on the PI does not flash, as I would expect,
but when pinging to 192.168.1.6 the ethernet ports on both the PI and
the firewall flash. I take this as evidence that what Pascal said might
be happening, is happening -- the AirStation for some reason still
doesn't know it can reach 192.168.1.6 directly and so is sending packets
to 192.168.1.1 for forwarding to 192.168.1.6 -- and the firewall machine
is obliging, but that is only working properly for ping packets and not
for TCP protocols like SSH.

If you want to check this you can just try to accept any packets forwarded from the internal interface to itself.

iptables -A FORWARD -i enp0s20u3 -o enp0s20u3 -j ACCEPT

I'm building tcpdump on both the firewall and the PI... If this turns
out to be right I will need to figure out how to manipulate the routing
table of the AirStation. Is it possible for the DHCP server to
communicate static routings to clients?

Yes, DHCP has two options : static-routes (classful) and rfc3442-classless-static-routes (not defined natively in ISC dhcpd AFAIK, managed by ISC dhclient with a custom script). However if the client does not even handle the netmask correctly, I doubt that it accepts these options.


Reply to: